JSON Web Key (JWK)

Abstract

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data
structure that represents a cryptographic key. This specification
also defines a JWK Set JSON data structure that represents a set of
JWKs. Cryptographic algorithms and identifiers for use with this
specification are described in the separate JSON Web Algorithms (JWA)
specification and IANA registries established by that specification.
1. Introduction


A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159]
data structure that represents a cryptographic key. This
specification also defines a JWK Set JSON data structure that
represents a set of JWKs. Cryptographic algorithms and identifiers
for use with this specification are described in the separate JSON
Web Algorithms (JWA) [JWA] specification and IANA registries
established by that specification.


Goals for this specification do not include representing new kinds of 
certificate chains, representing new kinds of certified keys, or 
replacing X.509 certificates. 


JWKs and JWK Sets are used in the JSON Web Signature [JWS] and JSON 
Web Encryption [JWE] specifications. 


Names defined by this specification are short because a core goal is 
for the resulting representations to be compact. 


1.1. Notational Conventions 


The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 
"OPTIONAL" in this document are to be interpreted as described in 
"Key words for use in RFCs to Indicate Requirement Levels" [RFC2119]. 
The interpretation should only be applied when the terms appear in 
all capital letters. 


BASE64URL (OCTETS) denotes the base64url encoding of OCTETS, per 
Section 2 of [JWS]. 
UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation
of STRING, where STRING is a sequence of zero or more Unicode 
[UNICODE] characters. 


ASCII(STRING) denotes the octets of the ASCII [RFC20] representation 
of STRING, where STRING is a sequence of zero or more ASCII 
characters. 


The concatenation of two values A and B is denoted as A || B.


2. Terminology


The terms "JSON Web Signature (JWS)", "Base64url Encoding", 
"Collision-Resistant Name", "Header Parameter", and "JOSE Header" are 
defined by the JWS specification [JWS]. 


The terms "JSON Web Encryption (JWE)", "Additional Authenticated Data 
(AAD)", "JWE Authentication Tag", "JWE Ciphertext", "JWE Compact 
Serialization", "JWE Encrypted Key", "JWE Initialization Vector", and 
"JWE Protected Header" are defined by the JWE specification [JWE]. 


The terms "Ciphertext", "Digital Signature", "Message Authentication 
Code (MAC)", and "Plaintext" are defined by the "Internet Security 
Glossary, Version 2" [RFC4949]. 


These terms are defined by this specification:


JSON Web Key (JWK)
A JSON object that represents a cryptographic key. The members of
the object represent properties of the key, including its value.


JWK Set
A JSON object that represents a set of JWKs. The JSON object MUST
have a "keys" member, which is an array of JWKs.
3. Example JWK


This section provides an example of a JWK. The following example JWK 
declares that the key is an Elliptic Curve [DSS] key, it is used with 
the P-256 Elliptic Curve, and its x and y coordinates are the 
base64url-encoded values shown. A key identifier is also provided 
for the key. 


     {"kty":"EC",
      "crv":"P-256",
      "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
      "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
      "kid":"Public key used in JWS spec Appendix A.3 example"
     }


Additional example JWK values can be found in Appendix A. 


4. JSON Web Key (JWK) Format 


A JWK is a JSON object that represents a cryptographic key. The 
members of the object represent properties of the key, including its 
value. This JSON object MAY contain whitespace and/or line breaks 
before or after any JSON values or structural characters, in 
accordance with Section 2 of RFC 7159 [RFC7159]. This document 
defines the key parameters that are not algorithm specific and, thus, 
common to many keys. 


In addition to the common parameters, each JWK will have members that 
are key type specific. These members represent the parameters of the 
key. Section 6 of the JSON Web Algorithms (JWA) [JWA] specification 
defines multiple kinds of cryptographic keys and their associated 
members. 


The member names within a JWK MUST be unique; JWK parsers MUST either 
reject JWKs with duplicate member names or use a JSON parser that 
returns only the lexically last duplicate member name, as specified 
in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 


Additional members can be present in the JWK; if not understood by 
implementations encountering them, they MUST be ignored. Member 
names used for representing key parameters for different keys types 
need not be distinct. Any new member name should either be 
registered in the IANA "JSON Web Key Parameters" registry established 
by Section 8.1 or be a value that contains a Collision-Resistant 
Name. 
4.1. "kty" (Key Type) Parameter


The "kty" (key type) parameter identifies the cryptographic algorithm
family used with the key, such as "RSA" or "EC". "kty" values should
either be registered in the IANA "JSON Web Key Types" registry
established by [JWA] or be a value that contains a
Collision-Resistant Name. The "kty" value is a case-sensitive string.
This member MUST be present in a JWK.


A list of defined "kty" values can be found in the IANA "JSON Web Key 
Types" registry established by [JWA]; the initial contents of this 
registry are the values defined in Section 6.1 of [JWA]. 


The key type definitions include specification of the members to be 
used for those key types. Members used with specific "kty" values 
can be found in the IANA "JSON Web Key Parameters" registry 
established by Section 8.1. 


4.2. "use" (Public Key Use) Parameter


The "use" (public key use) parameter identifies the intended use of
the public key. The "use" parameter is employed to indicate whether
a public key is used for encrypting data or verifying the signature
on data.


Values defined by this specification are: 


o "sig" (signature) 
o "enc" (encryption) 


Other values MAY be used. The "use" value is a case-sensitive 
string. Use of the "use" member is OPTIONAL, unless the application 
requires its presence. 


When a key is used to wrap another key and a public key use 
designation for the first key is desired, the "enc" (encryption) key 
use value is used, since key wrapping is a kind of encryption. The 
"enc" value is also to be used for public keys used for key agreement 
operations. 


Additional "use" (public key use) values can be registered in the
IANA "JSON Web Key Use" registry established by Section 8.2.
Registering any extension values used is highly recommended when this
specification is used in open environments, in which multiple
organizations need to have a common understanding of any extensions
used. However, unregistered extension values can be used in closed
environments, in which the producing and consuming organization will
always be the same.
4.3. "key_ops" (Key Operations) Parameter


The "key_ops" (key operations) parameter identifies the operation(s)
for which the key is intended to be used. The "key_ops" parameter is
intended for use cases in which public, private, or symmetric keys
may be present.


Its value is an array of key operation values. Values defined by 
this specification are: 


o "sign" (compute digital signature or MAC)
o "verify" (verify digital signature or MAC)
o "encrypt" (encrypt content)
o "decrypt" (decrypt content and validate decryption, if applicable)
o "wrapKey" (encrypt key)
o "unwrapKey" (decrypt key and validate decryption, if applicable)
o "deriveKey" (derive key)
o "deriveBits" (derive bits not to be used as a key)


(Note that the "key_ops" values intentionally match the "KeyUsage" 
values defined in the Web Cryptography API 
[W3C.CR-WebCryptoAPI-20141211] specification.) 


Other values MAY be used. The key operation values are
case-sensitive strings. Duplicate key operation values MUST NOT be
present in the array. Use of the "key_ops" member is OPTIONAL,
unless the application requires its presence.


Multiple unrelated key operations SHOULD NOT be specified for a key 
because of the potential vulnerabilities associated with using the 
same key with multiple algorithms. Thus, the combinations "sign" 
with "verify", "encrypt" with "decrypt", and "wrapKey" with 
"unwrapKey" are permitted, but other combinations SHOULD NOT be used. 


Additional "key_ops" (key operations) values can be registered in the
IANA "JSON Web Key Operations" registry established by Section 8.3.
The same considerations about registering extension values apply to
the "key_ops" member as do for the "use" member.


The "use" and "key_ops" JWK members SHOULD NOT be used together;
however, if both are used, the information they convey MUST be
consistent. Applications should specify which of these members they
use, if either is to be used by the application.
4.4. "alg" (Algorithm) Parameter


The "alg" (algorithm) parameter identifies the algorithm intended for
use with the key. The values used should either be registered in the
IANA "JSON Web Signature and Encryption Algorithms" registry
established by [JWA] or be a value that contains a
Collision-Resistant Name. The "alg" value is a case-sensitive ASCII
string. Use of this member is OPTIONAL.


4.5. "kid" (Key ID) Parameter 


The "kid" (key ID) parameter is used to match a specific key. This 
is used, for instance, to choose among a set of keys within a JWK Set 
during key rollover. The structure of the "kid" value is 
unspecified. When "kid" values are used within a JWK Set, different 
keys within the JWK Set SHOULD use distinct "kid" values. (One 
example in which different keys might use the same "kid" value is if 
they have different "kty" (key type) values but are considered to be 
equivalent alternatives by the application using them.) The "kid" 
value is a case-sensitive string. Use of this member is OPTIONAL. 
When used with JWS or JWE, the "kid" value is used to match a JWS or 
JWE "kid" Header Parameter value. 


4.6. "x5u" (X.509 URL) Parameter 


The "x5u" (X.509 URL) parameter is a URI [RFC3986] that refers to a 
resource for an X.509 public key certificate or certificate chain 
[RFC5280]. The identified resource MUST provide a representation of 
the certificate or certificate chain that conforms to RFC 5280 
[RFC5280] in PEM-encoded form, with each certificate delimited as 
specified in Section 6.1 of RFC 4945 [RFC4945]. The key in the first 
certificate MUST match the public key represented by other members of 
the JWK. The protocol used to acquire the resource MUST provide 
integrity protection; an HTTP GET request to retrieve the certificate 
MUST use TLS [RFC2818] [RFC5246]; the identity of the server MUST be 
validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this 
member is OPTIONAL. 


While there is no requirement that optional JWK members providing key 
usage, algorithm, or other information be present when the "x5u" 
member is used, doing so may improve interoperability for 
applications that do not handle PKIX certificates [RFC5280]. If 
other members are present, the contents of those members MUST be 
semantically consistent with the related fields in the first 
certificate. For instance, if the "use" member is present, then it 
MUST correspond to the usage that is specified in the certificate, 
when it includes this information. Similarly, if the "alg" member is
present, it MUST correspond to the algorithm specified in the
certificate.


4.7. "x5c" (X.509 Certificate Chain) Parameter


The "x5c" (X.509 certificate chain) parameter contains a chain of one 
or more PKIX certificates [RFC5280]. The certificate chain is 
represented as a JSON array of certificate value strings. Each 
string in the array is a base64-encoded (Section 4 of [RFC4648] -- 
not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. 
The PKIX certificate containing the key value MUST be the first 
certificate. This MAY be followed by additional certificates, with
each subsequent certificate being the one used to certify the
previous one. The key in the first certificate MUST match the public
key represented by other members of the JWK. Use of this member is 
OPTIONAL. 


As with the "x5u" member, optional JWK members providing key usage, 
algorithm, or other information MAY also be present when the "x5c" 
member is used. If other members are present, the contents of those 
members MUST be semantically consistent with the related fields in 
the first certificate. See the last paragraph of Section 4.6 for 
additional guidance on this. 


4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 


The "x5t" (X.509 certificate SHA-1 thumbprint) parameter is a 
base64url-encoded SHA-1 thumbprint (a.k.a. digest) of the DER 
encoding of an X.509 certificate [RFC5280]. Note that certificate 
thumbprints are also sometimes known as certificate fingerprints. 
The key in the certificate MUST match the public key represented by 
other members of the JWK. Use of this member is OPTIONAL. 


As with the "x5u" member, optional JWK members providing key usage, 
algorithm, or other information MAY also be present when the "x5t"
member is used. If other members are present, the contents of those
members MUST be semantically consistent with the related fields in
the referenced certificate. See the last paragraph of Section 4.6
for additional guidance on this.
4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter


The "x5t#S256" (X.509 certificate SHA-256 thumbprint) parameter is a 
base64url-encoded SHA-256 thumbprint (a.k.a. digest) of the DER 
encoding of an X.509 certificate [RFC5280]. Note that certificate 
thumbprints are also sometimes known as certificate fingerprints. 
The key in the certificate MUST match the public key represented by 
other members of the JWK. Use of this member is OPTIONAL. 


As with the "x5u" member, optional JWK members providing key usage, 
algorithm, or other information MAY also be present when the 
"x5t#S256" member is used. If other members are present, the 
contents of those members MUST be semantically consistent with the 
related fields in the referenced certificate. See the last paragraph 
of Section 4.6 for additional guidance on this. 
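Added example (not from RFC 7517) that checks the consistency rules of Sections 4.7 to 4.9 above: "x5c" entries are decoded as standard base64, and "x5t" and "x5t#S256" are recomputed as the base64url-encoded SHA-1 and SHA-256 digests of the first certificate's DER bytes. It assumes a constructed 256-byte stand-in for a DER certificate (FAKE_DER, not a real X.509 certificate) and does not check that the key inside the certificate matches the JWK's public-key members, which would need an X.509 parser.

```python
import base64
import hashlib
from typing import Any, Dict, List


def b64url(octets: bytes) -> str:
    """BASE64URL(OCTETS) per Section 2 of JWS: URL-safe alphabet, padding stripped."""
    return base64.urlsafe_b64encode(octets).rstrip(b"=").decode("ascii")


def decode_x5c(x5c: List[str]) -> List[bytes]:
    """Decode "x5c" entries, which are standard base64 (RFC 4648 Section 4), not base64url.
    validate=True rejects '-' and '_', so an entry produced with the wrong alphabet fails here."""
    return [base64.b64decode(entry, validate=True) for entry in x5c]


def thumbprints(der: bytes) -> Dict[str, str]:
    """Compute the "x5t" (SHA-1) and "x5t#S256" (SHA-256) values for one DER certificate."""
    return {"x5t": b64url(hashlib.sha1(der).digest()),
            "x5t#S256": b64url(hashlib.sha256(der).digest())}


def check_x5_members(jwk: Dict[str, Any]) -> List[str]:
    """Return the inconsistencies between "x5c" and any thumbprint members present."""
    if "x5c" not in jwk:
        return []
    if not isinstance(jwk["x5c"], list) or not jwk["x5c"]:
        return ['"x5c" must be a non-empty array of certificate strings']
    try:
        first_cert = decode_x5c(jwk["x5c"])[0]   # the certificate containing the key value
    except ValueError as exc:                     # binascii.Error is a ValueError subclass
        return [f'"x5c" entry is not standard base64: {exc}']
    expected = thumbprints(first_cert)
    return [f'"{m}" does not match the first "x5c" certificate'
            for m in ("x5t", "x5t#S256") if m in jwk and jwk[m] != expected[m]]


# Constructed stand-in for a DER certificate: 256 arbitrary octets, not a real X.509 cert.
FAKE_DER = bytes(range(256))


def sample_jwk(der: bytes) -> Dict[str, Any]:
    """Constructed JWK carrying a chain and both thumbprints; public-key members are placeholders."""
    t = thumbprints(der)
    return {"kty": "RSA", "n": "PLACEHOLDER", "e": "AQAB", "kid": "x5-demo",
            "x5c": [base64.b64encode(der).decode("ascii")],
            "x5t": t["x5t"], "x5t#S256": t["x5t#S256"]}


CONSISTENT_JWK = sample_jwk(FAKE_DER)

# SHA-256 thumbprint computed over different bytes: the "x5t#S256" member no longer matches.
TAMPERED_JWK = {**CONSISTENT_JWK,
                "x5t#S256": thumbprints(b"some other certificate")["x5t#S256"]}

# Common producer mistake: "x5c" encoded with base64url instead of standard base64.
WRONG_ALPHABET_JWK = {**CONSISTENT_JWK,
                      "x5c": [base64.urlsafe_b64encode(FAKE_DER).decode("ascii")]}

if __name__ == "__main__":
    for name, jwk in (("consistent", CONSISTENT_JWK), ("tampered", TAMPERED_JWK),
                      ("wrong alphabet", WRONG_ALPHABET_JWK)):
        print(name, check_x5_members(jwk) or "ok")
```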


5. JWK Set Format 


A JWK Set is a JSON object that represents a set of JWKs. The JSON 
object MUST have a "keys" member, with its value being an array of 
JWKs. This JSON object MAY contain whitespace and/or line breaks. 


The member names within a JWK Set MUST be unique; JWK Set parsers
MUST either reject JWK Sets with duplicate member names or use a JSON
parser that returns only the lexically last duplicate member name, as
specified in Section 15.12 ("The JSON Object") of ECMAScript 5.1
[ECMAScript].


Additional members can be present in the JWK Set; if not understood 
by implementations encountering them, they MUST be ignored. 
Parameters for representing additional properties of JWK Sets should 
either be registered in the IANA "JSON Web Key Set Parameters" 
registry established by Section 8.4 or be a value that contains a 
Collision-Resistant Name. 


Implementations SHOULD ignore JWKs within a JWK Set that use "kty"
(key type) values that are not understood by them, that are missing
required members, or for which values are out of the supported
ranges.


5.1. "keys" Parameter


The value of the "keys" parameter is an array of JWK values. By
default, the order of the JWK values within the array does not imply
an order of preference among them, although applications of JWK Sets
can choose to assign a meaning to the order for their purposes, if
desired.
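Added example (not from RFC 7517) of a consumer applying the rules of Sections 4, 4.3, 4.5 and 5: duplicate member names are rejected at parse time, each JWK is checked for "kty", its required members and the "key_ops"/"use" rules, and selection by "kid" during rollover only considers keys that passed. The REQUIRED_MEMBERS table and the "use"-to-"key_ops" mapping are assumptions this example makes; the EC key in the sample set is the page's Section 3 example, and the other entries are constructed placeholders.

```python
import json
from typing import Any, Dict, List

# Section 4.3: the only multi-operation combinations the page permits; any other
# set of two or more operations is an "unrelated" combination.
PERMITTED_COMBINATIONS = {
    frozenset({"sign", "verify"}),
    frozenset({"encrypt", "decrypt"}),
    frozenset({"wrapKey", "unwrapKey"}),
}

# Sections 4.2/4.3 require "use" and "key_ops" to be consistent but do not
# tabulate the relation, so this mapping is an assumption ("enc" covers key
# wrapping and key agreement, as Section 4.2 states).
USE_TO_OPS = {
    "sig": {"sign", "verify"},
    "enc": {"encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"},
}

# Required key-type-specific members. The page defers these to JWA, so this
# table is an assumption covering only the key types this example understands.
REQUIRED_MEMBERS = {"EC": {"crv", "x", "y"}, "RSA": {"n", "e"}, "oct": {"k"}}


def _reject_duplicate_names(pairs):
    """object_pairs_hook: reject duplicate member names instead of keeping the last one."""
    obj: Dict[str, Any] = {}
    for name, value in pairs:
        if name in obj:
            raise ValueError(f"duplicate member name {name!r}")
        obj[name] = value
    return obj


def parse_jwk_set(text: str) -> Dict[str, Any]:
    """Parse a JWK Set, enforcing unique member names and the mandatory "keys" array (Section 5)."""
    jwk_set = json.loads(text, object_pairs_hook=_reject_duplicate_names)
    if not isinstance(jwk_set, dict) or not isinstance(jwk_set.get("keys"), list):
        raise ValueError('a JWK Set MUST have a "keys" member whose value is an array')
    return jwk_set


def jwk_problems(jwk: Dict[str, Any]) -> List[str]:
    """List the rules a single JWK violates (an empty list means it passed)."""
    problems: List[str] = []
    kty = jwk.get("kty")
    if not isinstance(kty, str):
        return ['missing "kty"']                       # Section 4.1: MUST be present
    if kty not in REQUIRED_MEMBERS:
        problems.append(f"unsupported kty {kty!r}")    # Section 5: ignore unknown key types
    else:
        missing = REQUIRED_MEMBERS[kty] - set(jwk)
        if missing:
            problems.append(f"missing required members {sorted(missing)}")
    use, ops = jwk.get("use"), jwk.get("key_ops")
    if ops is None:
        return problems
    if not isinstance(ops, list) or not all(isinstance(op, str) for op in ops):
        problems.append('"key_ops" must be an array of strings')
        return problems
    if len(set(ops)) != len(ops):
        problems.append('duplicate "key_ops" values')               # MUST NOT be present
    op_set = frozenset(ops)
    if len(op_set) > 1 and op_set not in PERMITTED_COMBINATIONS:
        problems.append(f'unrelated "key_ops" combination {sorted(op_set)}')   # SHOULD NOT
    if use in USE_TO_OPS and not op_set <= USE_TO_OPS[use]:
        problems.append(f'"use" {use!r} is inconsistent with "key_ops" {sorted(op_set)}')
    return problems


def usable_keys(jwk_set: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Drop JWKs a conforming consumer would ignore or, by this example's policy, refuse to use."""
    return [k for k in jwk_set["keys"] if isinstance(k, dict) and not jwk_problems(k)]


def select_by_kid(jwk_set: Dict[str, Any], kid: str) -> List[Dict[str, Any]]:
    """Section 4.5 rollover: pick the usable key(s) whose "kid" matches a JWS/JWE header."""
    return [k for k in usable_keys(jwk_set) if k.get("kid") == kid]


# Constructed JWK Set: the EC key is the page's Section 3 example; the other
# entries carry placeholder key material and exist only to trigger the rules above.
SAMPLE_JWK_SET = """{"keys":[
 {"kty":"EC","crv":"P-256",
  "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
  "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
  "kid":"2015-05","use":"sig","key_ops":["sign","verify"]},
 {"kty":"RSA","n":"PLACEHOLDER","e":"AQAB","kid":"2015-04",
  "use":"sig","key_ops":["sign","verify","decrypt"]},
 {"kty":"oct","k":"PLACEHOLDER","kid":"sym-1","use":"enc","key_ops":["encrypt","encrypt"]},
 {"kty":"FOO","kid":"unknown-type"},
 {"kty":"EC","crv":"P-256","x":"PLACEHOLDER","kid":"incomplete"}
]}"""

if __name__ == "__main__":
    jwk_set = parse_jwk_set(SAMPLE_JWK_SET)
    for jwk in jwk_set["keys"]:
        print(jwk.get("kid"), jwk_problems(jwk) or "ok")
    print("usable kids:", [k["kid"] for k in usable_keys(jwk_set)])
```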
6. String Comparison Rules


The string comparison rules for this specification are the same as 
those defined in Section 5.3 of [JWS]. 


7. Encrypted JWK and Encrypted JWK Set Formats 


Access to JWKs containing non-public key material by parties without
legitimate access to the non-public information MUST be prevented.
This can be accomplished by encrypting the JWK when potentially
observable by such parties to prevent the disclosure of private or
symmetric key values. The use of an Encrypted JWK, which is a JWE
with the UTF-8 encoding of a JWK as its plaintext value, is
recommended for this purpose. The processing of Encrypted JWKs is
identical to the processing of other JWEs. A "cty" (content type)
Header Parameter value of "jwk+json" MUST be used to indicate that
the content of the JWE is a JWK, unless the application knows that
the encrypted content is a JWK by another means or convention, in
which case the "cty" value would typically be omitted.


JWK Sets containing non-public key material will also need to be 
encrypted under these circumstances. The use of an Encrypted JWK 
Set, which is a JWE with the UTF-8 encoding of a JWK Set as its 
plaintext value, is recommended for this purpose. The processing of 
Encrypted JWK Sets is identical to the processing of other JWEs. A 
"cty" (content type) Header Parameter value of "jwk-set+json" MUST be
used to indicate that the content of the JWE is a JWK Set, unless the 
application knows that the encrypted content is a JWK Set by another 
means or convention, in which case the "cty" value would typically be 
omitted. 


See Appendix C for an example encrypted JWK.


8. IANA Considerations


The following registration procedure is used for all the registries 
established by this specification. 


The registration procedure for values is Specification Required 
[RFC5226] after a three-week review period on the 
jose-reg-review@ietf.org mailing list, on the advice of one or more 
Designated Experts. However, to allow for the allocation of values 
prior to publication, the Designated Experts may approve registration 
once they are satisfied that such a specification will be published. 


Registration requests sent to the mailing list for review should use
an appropriate subject (e.g., "Request to register JWK parameter:
example").
Within the review period, the Designated Experts will either approve
or deny the registration request, communicating this decision to the 
review list and IANA. Denials should include an explanation and, if 
applicable, suggestions as to how to make the request successful. 
Registration requests that are undetermined for a period longer than 
21 days can be brought to the IESG's attention (using the 
iesg@ietf.org mailing list) for resolution. 


Criteria that should be applied by the Designated Experts include 
determining whether the proposed registration duplicates existing 
functionality, whether it is likely to be of general applicability or 
useful only for a single application, and whether the registration 
description is clear. 


IANA must only accept registry updates from the Designated Experts 
and should direct all requests for registration to the review mailing 
list. 


It is suggested that multiple Designated Experts be appointed who are 
able to represent the perspectives of different applications using 
this specification, in order to enable broadly informed review of 
registration decisions. In cases where a registration decision could 
be perceived as creating a conflict of interest for a particular 
Expert, that Expert should defer to the judgment of the other 
Experts. 


8.1. JSON Web Key Parameters Registry 


This section establishes the IANA "JSON Web Key Parameters" registry 
for JWK parameter names. The registry records the parameter name, 
the key type(s) that the parameter is used with, and a reference to 
the specification that defines it. It also records whether the 
parameter conveys public or private information. This section 
registers the parameter names defined in Section 4. The same JWK 
parameter name may be registered multiple times, provided that 
duplicate parameter registrations are only for key-type-specific JWK 
parameters; in this case, the meaning of the duplicate parameter name 
is disambiguated by the "kty" value of the JWK containing it. 


8.1.1. Registration Template 


Parameter Name:
The name requested (e.g., "kid"). Because a core goal of this
specification is for the resulting representations to be compact,
it is RECOMMENDED that the name be short -- not to exceed 8
characters without a compelling reason to do so. This name is
case sensitive. Names may not match other registered names in a
case-insensitive manner unless the Designated Experts state that
there is a compelling reason to allow an exception. However,
matching names may be registered, provided that the accompanying
sets of "kty" values that the parameter name is used with are
disjoint; for the purposes of matching "kty" values, "*" matches
all values.


Parameter Description: 


Brief description of the parameter (e.g., "Key ID"). 


Used with "kty" Value(s): 


The key type parameter value(s) that the parameter name is to be 
used with, or the value "*" if the parameter value is used with 
all key types. Values may not match other registered "kty" values 
in a case-insensitive manner when the registered parameter name is 
the same (including when the parameter name matches in a case- 
insensitive manner) unless the Designated Experts state that there 
is a compelling reason to allow an exception. 


Parameter Information Class: 


Registers whether the parameter conveys public or private 
information. Its value must be either Public or Private. 


Change Controller: 


For Standards Track RFCs, list the "IESG". For others, give the 
name of the responsible party. Other details (e.g., postal 
address, email address, home page URI) may also be included. 


Specification Document(s):


Reference to the document or documents that specify the parameter,
preferably including URIs that can be used to retrieve copies of
the documents. An indication of the relevant sections may also be
included but is not required.


8.1.2. Initial Registry Contents


Parameter Name: "kty" 

Parameter Description: Key Type 

Used with "kty" Value(s): * 

Parameter Information Class: Public 

Change Controller: IESG 

Specification Document(s): Section 4.1 of RFC 7517 


Parameter Name: "use" 

Parameter Description: Public Key Use 

Used with "kty" Value(s): * 

Parameter Information Class: Public 

Change Controller: IESG 

Specification Document(s): Section 4.2 of RFC 7517 
Parameter Name: "key_ops"

Parameter Description: Key Operations

Used with "kty" Value(s): *

Parameter Information Class: Public

Change Controller: IESG

Specification Document(s): Section 4.3 of RFC 7517


Parameter Name: "alg"

Parameter Description: Algorithm

Used with "kty" Value(s): *

Parameter Information Class: Public

Change Controller: IESG

Specification Document(s): Section 4.4 of RFC 7517


Parameter Name: "kid"

Parameter Description: Key ID

Used with "kty" Value(s): *

Parameter Information Class: Public

Change Controller: IESG

Specification Document(s): Section 4.5 of RFC 7517


Parameter Name: "x5u"

Parameter Description: X.509 URL

Used with "kty" Value(s): *

Parameter Information Class: Public

Change Controller: IESG

Specification Document(s): Section 4.6 of RFC 7517


Parameter Name: "x5c"

Parameter Description: X.509 Certificate Chain

Used with "kty" Value(s): *

Parameter Information Class: Public

Change Controller: IESG

Specification Document(s): Section 4.7 of RFC 7517


Parameter Name: "x5t"

Parameter Description: X.509 Certificate SHA-1 Thumbprint

Used with "kty" Value(s): *

Parameter Information Class: Public

Change Controller: IESG

Specification Document(s): Section 4.8 of RFC 7517


Parameter Name: "x5t#S256"

Parameter Description: X.509 Certificate SHA-256 Thumbprint

Used with "kty" Value(s): *

Parameter Information Class: Public

Change Controller: IESG

Specification Document(s): Section 4.9 of RFC 7517
8.2. JSON Web Key Use Registry


This section establishes the IANA "JSON Web Key Use" registry for JWK 
"use" (public key use) member values. The registry records the 
public key use value and a reference to the specification that 
defines it. This section registers the parameter names defined in 
Section 4.2. 


8.2.1. Registration Template


Use Member Value: 


The name requested (e.g., "sig"). Because a core goal of this
specification is for the resulting representations to be compact,
it is RECOMMENDED that the name be short -- not to exceed 8
characters without a compelling reason to do so. This name is
case sensitive. Names may not match other registered names in a
case-insensitive manner unless the Designated Experts state that
there is a compelling reason to allow an exception.


Use Description:


Brief description of the use (e.g., "Digital Signature or MAC").


Change Controller:


For Standards Track RFCs, list the "IESG". For others, give the
name of the responsible party. Other details (e.g., postal
address, email address, home page URI) may also be included.


Specification Document(s):


Reference to the document or documents that specify the parameter,
preferably including URIs that can be used to retrieve copies of
the documents. An indication of the relevant sections may also be
included but is not required.


8.2.2. Initial Registry Contents


Use Member Value: "sig" 

Use Description: Digital Signature or MAC 

Change Controller: IESG 

Specification Document(s): Section 4.2 of RFC 7517 


Use Member Value: "enc" 

Use Description: Encryption 

Change Controller: IESG 

Specification Document(s): Section 4.2 of RFC 7517 
8.3. JSON Web Key Operations Registry


This section establishes the IANA "JSON Web Key Operations" registry
for values of JWK "key_ops" array elements. The registry records the
key operation value and a reference to the specification that defines
it. This section registers the parameter names defined in
Section 4.3.


8.3.1. Registration Template


Key Operation Value: 


The name requested (e.g., "sign"). Because a core goal of this
specification is for the resulting representations to be compact,
it is RECOMMENDED that the name be short -- not to exceed 8
characters without a compelling reason to do so. This name is
case sensitive. Names may not match other registered names in a
case-insensitive manner unless the Designated Experts state that
there is a compelling reason to allow an exception.


Key Operation Description: 


Brief description of the key operation (e.g., "Compute digital 
Signature or MAC"). 


Change Controller: 


For Standards Track RFCs, list the "IESG". For others, give the 
name of the responsible party. Other details (e.g., postal 
address, email address, home page URI) may also be included. 


Specification Document(s):


Reference to the document or documents that specify the parameter,
preferably including URIs that can be used to retrieve copies of
the documents. An indication of the relevant sections may also be
included but is not required.


8.3.2. Initial Registry Contents


Key Operation Value: "sign" 

Key Operation Description: Compute digital signature or MAC 
Change Controller: IESG 

Specification Document(s): Section 4.3 of RFC 7517 


Key Operation Value: "verify" 

Key Operation Description: Verify digital signature or MAC 
Change Controller: IESG 

Specification Document(s): Section 4.3 of RFC 7517 
Key Operation Value: "encrypt"

Key Operation Description: Encrypt content

Change Controller: IESG

Specification Document(s): Section 4.3 of RFC 7517


Key Operation Value: "decrypt"

Key Operation Description: Decrypt content and validate
decryption, if applicable

Change Controller: IESG

Specification Document(s): Section 4.3 of RFC 7517


Key Operation Value: "wrapKey"

Key Operation Description: Encrypt key

Change Controller: IESG

Specification Document(s): Section 4.3 of RFC 7517


Key Operation Value: "unwrapKey"

Key Operation Description: Decrypt key and validate decryption, if
applicable

Change Controller: IESG

Specification Document(s): Section 4.3 of RFC 7517


Key Operation Value: "deriveKey"

Key Operation Description: Derive key

Change Controller: IESG

Specification Document(s): Section 4.3 of RFC 7517


Key Operation Value: "deriveBits"

Key Operation Description: Derive bits not to be used as a key

Change Controller: IESG

Specification Document(s): Section 4.3 of RFC 7517


8.4. JSON Web Key Set Parameters Registry


This section establishes the IANA "JSON Web Key Set Parameters"
registry for JWK Set parameter names. The registry records the
parameter name and a reference to the specification that defines it.
This section registers the parameter names defined in Section 5.


8.4.1. Registration Template


Parameter Name:


The name requested (e.g., "keys"). Because a core goal of this
specification is for the resulting representations to be compact,
it is RECOMMENDED that the name be short -- not to exceed 8
characters without a compelling reason to do so. This name is
case sensitive. Names may not match other registered names in a
case-insensitive manner unless the Designated Experts state that
there is a compelling reason to allow an exception.


Parameter Description:


Brief description of the parameter (e.g., "Array of JWK values"). 


Change Controller: 


For Standards Track RFCs, list the "IESG". For others, give the 
name of the responsible party. Other details (e.g., postal 
address, email address, home page URI) may also be included. 


Specification Document(s):


Reference to the document or documents that specify the parameter,
preferably including URIs that can be used to retrieve copies of
the documents. An indication of the relevant sections may also be
included but is not required.


8.4.2. Initial Registry Contents


Parameter Name: "keys"

Parameter Description: Array of JWK Values

Change Controller: IESG

Specification Document(s): Section 5.1 of RFC 7517


8.5. Media Type Registration


8.5.1. Registry Contents


This section registers the "application/jwk+json" and "application/ 
jwk-set+json" media types [RFC2046] in the "Media Types" registry 
[IANA.MediaTypes] in the manner described in RFC 6838 [RFC6838], 
which can be used to indicate that the content is a JWK or a JWK Set, 
respectively. 


o Type Name: application
o Subtype Name: jwk+json
o Required Parameters: n/a
o Optional Parameters: n/a
o Encoding considerations: 8bit; application/jwk+json values are
  represented as a JSON object; UTF-8 encoding SHOULD be employed
  for the JSON object.
o Security Considerations: See the Security Considerations section
  of RFC 7517.
o Interoperability Considerations: n/a
o Published Specification: RFC 7517
o Applications that use this media type: OpenID Connect, Salesforce,
  Google, Android, Windows Azure, W3C WebCrypto API, numerous others
o Fragment identifier considerations: n/a
o Additional Information:
  Magic number(s): n/a
  File extension(s): n/a
  Macintosh file type code(s): n/a
o Person & email address to contact for further information:
  Michael B. Jones, mbj@microsoft.com
o Intended Usage: COMMON
o Restrictions on Usage: none
o Author: Michael B. Jones, mbj@microsoft.com
o Change Controller: IESG
o Provisional registration? No

o Type Name: application 
o Subtype Name: jwk-set+json 
o Required Parameters: n/a 
o Optional Parameters: n/a 
O 


2015 


Encoding considerations: 8bit; application/jwk-set+json values are 
represented as a JSON Object; UTF-8 encoding SHOULD be employed 


for the JSON object. 


o Security Considerations: See the Security Considerations section 


of RFC 7517. 
o Interoperability Considerations: n/a 
o Published Specification: RFC 7517 


o Applications that use this media type: OpenID Connect, Salesforce, 
Google, Android, Windows Azure, W3C WebCrypto API, numerous others 


o Fragment identifier considerations: n/a 
o Additional Information: 


Magic number(s): n/a 
File extension(s): n/a 
Macintosh file type code(s): n/a 
o Person & email address to contact for further information: 
Michael B. Jones, mbj@microsoft.com 
o Intended Usage: COMMON 
o Restrictions on Usage: none 
o Author: Michael B. Jones, mbj@microsoft.com 
o Change Controller: IESG 
o Provisional registration? No 
9. Security Considerations

All of the security issues that are pertinent to any cryptographic
application must be addressed by JWS/JWE/JWK agents. Among these
issues are protecting the user's asymmetric private and symmetric
secret keys and employing countermeasures to various attacks.
9.1. Key Provenance and Trust


One should place no more trust in the data cryptographically secured 
by a key than in the method by which it was obtained and in the 
trustworthiness of the entity asserting an association with the key. 
Any data associated with a key that is obtained in an untrusted 
manner should be treated with skepticism. See Section 10.3 of [JWS] 
for security considerations on key origin authentication. 


In almost all cases, applications make decisions about whether to 
trust a key based on attributes bound to the key, such as names, 
roles, and the key origin, rather than based on the key itself. When 
an application is deciding whether to trust a key, there are several 
ways that it can bind attributes to a JWK. Two example mechanisms 
are PKIX [RFC5280] and JSON Web Token (JWT) [JWT]. 


For instance, the creator of a JWK can include a PKIX certificate in 
the JWK’s "x5c" member. If the application validates the certificate 
and verifies that the JWK corresponds to the subject public key in 
the certificate, then the JWK can be associated with the attributes 
in the certificate, such as the subject name, subject alternative 
names, extended key usages, and its signature chain. 


As another example, a JWT can be used to associate attributes with a 
JWK by referencing the JWK as a claim in the JWT. The JWK can be 
included directly as a claim value or the JWT can include a TLS- 
secured URI from which to retrieve the JWK value. Either way, an 
application that gets a JWK via a JWT claim can associate it with the 
JWT's cryptographic properties and use these and possibly additional 
claims in deciding whether to trust the key. 


The security considerations in Section 12.3 of XML DSIG 2.0 
[W3C.NOTE-xmldsig-core2-20130411] about the strength of a digital 
Signature depending upon all the links in the security chain also 
apply to this specification. 


The TLS Requirements in Section 8 of [JWS] also apply to this 
Specification, except that the "x5u" JWK member is the only feature 
defined by this specification using TLS. 
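The correspondence check that Section 9.1 requires before certificate
attributes are bound to a JWK, as an added example (this is not code
from RFC 7517 or from any particular JOSE library). It walks the DER of
the first "x5c" entry with a minimal reader, extracts the RSA modulus
and exponent from the subject public key, and compares them with the
JWK's own "n" and "e"; an application that skips this comparison can be
handed an arbitrary key paired with somebody else's certificate.
Validating the certificate chain itself (signatures, validity period,
key usage) is a separate step for an X.509 library and is not done
here. The certificate built by certificate_shell, the modulus DEMO_N and
the "kid" value are constructed fixtures of this example, not values
from the page.

```python
"""Refuse an RSA JWK whose first "x5c" certificate does not carry the JWK's key.

Added example for Section 9.1 of RFC 7517; not code from the RFC or any library.
Only the "JWK corresponds to the subject public key" comparison is made here.
"""
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")          # 1.2.840.113549.1.1.1
SHA256_RSA_OID = bytes.fromhex("2a864886f70d01010b")   # 1.2.840.113549.1.1.11


def b64url_uint_decode(s: str) -> int:
    """JWK integer: base64url without padding, big-endian octets."""
    return int.from_bytes(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)), "big")


def b64url_uint_encode(v: int) -> str:
    raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def der_read(buf: bytes, pos: int = 0):
    """Return (tag, content, position after the element) for the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(content: bytes):
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = der_read(content, pos)
        out.append((tag, body))
    return out


def rsa_public_numbers(cert_der: bytes):
    """Certificate -> tbsCertificate -> subjectPublicKeyInfo -> RSAPublicKey."""
    _, cert, _ = der_read(cert_der)
    fields = der_children(der_children(cert)[0][1])    # tbsCertificate members
    if fields[0][0] == 0xA0:                           # explicit [0] version
        fields = fields[1:]
    # serial, signature, issuer, validity, subject, subjectPublicKeyInfo
    (_, alg), (_, bit_string) = der_children(fields[5][1])
    if der_children(alg)[0][1] != RSA_OID:
        raise ValueError("subject public key is not rsaEncryption")
    _, rsa_key, _ = der_read(bit_string[1:])           # skip the unused-bits octet
    (_, n_body), (_, e_body) = der_children(rsa_key)
    return int.from_bytes(n_body, "big"), int.from_bytes(e_body, "big")


def jwk_matches_x5c(jwk: dict) -> bool:
    """True only if the leaf certificate's RSA key equals the JWK's "n"/"e"."""
    if jwk.get("kty") != "RSA" or not jwk.get("x5c"):
        raise ValueError("expected an RSA JWK with an x5c member")
    leaf = base64.b64decode(jwk["x5c"][0])             # x5c entries: standard base64 DER
    n, e = rsa_public_numbers(leaf)
    return n == b64url_uint_decode(jwk["n"]) and e == b64url_uint_decode(jwk["e"])


# --- constructed fixture: a certificate-shaped DER blob with a dummy signature ---
def der(tag: int, content: bytes) -> bytes:
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    lb = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def der_uint(v: int) -> bytes:
    raw = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    return der(0x02, (b"\x00" if raw[0] & 0x80 else b"") + raw)   # keep INTEGER positive


def certificate_shell(n: int, e: int) -> bytes:
    """Unsigned, certificate-shaped DER carrying a real SubjectPublicKeyInfo."""
    spki = der(0x30, der(0x30, der(0x06, RSA_OID) + b"\x05\x00")
               + der(0x03, b"\x00" + der(0x30, der_uint(n) + der_uint(e))))
    sig_alg = der(0x30, der(0x06, SHA256_RSA_OID) + b"\x05\x00")
    name = der(0x30, b"")                              # empty Name is enough here
    validity = der(0x30, der(0x17, b"150101000000Z") * 2)
    tbs = der(0x30, der(0xA0, der_uint(2)) + der_uint(1) + sig_alg
              + name + validity + name + spki)
    return der(0x30, tbs + sig_alg + der(0x03, b"\x00" + bytes(32)))


# Constructed demo modulus (product of two known primes); not a key for real use.
DEMO_N = (2**64 - 59) * (2**61 - 1)
DEMO_E = 65537
DEMO_JWK = {"kty": "RSA", "use": "sig", "kid": "demo",
            "n": b64url_uint_encode(DEMO_N), "e": b64url_uint_encode(DEMO_E),
            "x5c": [base64.b64encode(certificate_shell(DEMO_N, DEMO_E)).decode("ascii")]}

if __name__ == "__main__":
    print("matching JWK/x5c accepted:", jwk_matches_x5c(DEMO_JWK))
    tampered = dict(DEMO_JWK, n=b64url_uint_encode(DEMO_N + 2))
    print("mismatched JWK/x5c accepted:", jwk_matches_x5c(tampered))
```

The reader deliberately handles only what a certificate needs (short and
long-form lengths, nested SEQUENCEs, the BIT STRING wrapper); a real
deployment would run this comparison after the X.509 library has
validated the chain, and would reject the key on any mismatch rather
than fall back to the bare "n"/"e".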


9.2. Preventing Disclosure of Non-public Key Information

Private and symmetric keys MUST be protected from disclosure to
unintended parties. One recommended means of doing so is to encrypt
JWKs or JWK Sets containing them by using the JWK or JWK Set value as
the plaintext of a JWE. Of course, this requires that there be a
secure way to obtain the key used to encrypt the non-public key
information to the intended party and a secure way for that party to
obtain the corresponding decryption key.

The security considerations in RFC 3447 [RFC3447] and RFC 6030
[RFC6030] about protecting private and symmetric keys, key usage, and
information leakage also apply to this specification.

9.3. RSA Private Key Representations and Blinding

The RSA Key blinding operation [Kocher], which is a defense against
some timing attacks, requires all of the RSA key values "n", "e", and
"d". However, some RSA private key representations do not include
the public exponent "e", but only include the modulus "n" and the
private exponent "d". This is true, for instance, of the Java
RSAPrivateKeySpec API, which does not include the public exponent "e"
as a parameter. So as to enable RSA key blinding, such
representations should be avoided. For Java, the
RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of
the "Handbook of Applied Cryptography" [HAC] discusses how to compute
the remaining RSA private key parameters, if needed, using only "n",
"e", and "d".
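The computation Section 9.3 refers to, as an added example (not code
from RFC 7517 or from any JOSE library): given a JWK that carries only
"n", "e" and "d", factor n from the private exponent as HAC 8.2.2(i)
describes, derive "p", "q", "dp", "dq" and "qi" with the meanings that
the JWA specification gives them (qi is q^-1 mod p), and emit them as
JWK integers, i.e. the base64url encoding of their big-endian octets.
The primes DEMO_P and DEMO_Q, the DEMO_* names and the function names
are this example's own assumptions; the key is far too small for any
real use.

```python
"""Complete an RSA private JWK that carries only "n", "e" and "d".

Added example for Section 9.3 of RFC 7517; not code from the RFC or any library.
"""
import base64
import json
import math


def b64url_uint_encode(v: int) -> str:
    raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_uint_decode(s: str) -> int:
    return int.from_bytes(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)), "big")


def factor_from_private_exponent(n: int, e: int, d: int):
    """HAC 8.2.2(i): e*d - 1 is a multiple of lambda(n).  Writing it as 2^t * r,
    the sequence g^r, g^(2r), g^(4r), ... reaches 1, and for most bases g it
    passes through a square root of 1 other than +-1; gcd(y - 1, n) is then a
    factor.  Bases are tried in a fixed order so the example is reproducible."""
    k = e * d - 1
    t = 0
    while k % 2 == 0:
        k //= 2
        t += 1
    r = k
    for g in range(2, 1000):
        y = pow(g, r, n)
        if y in (1, n - 1):
            continue
        for _ in range(t):
            x = pow(y, 2, n)
            if x == 1:                         # y*y == 1 mod n but y != +-1
                p = math.gcd(y - 1, n)
                return p, n // p
            if x == n - 1:
                break
            y = x
    raise ValueError("no factor found: (n, e, d) are not a consistent RSA key")


def complete_rsa_jwk(jwk: dict) -> dict:
    """Return a copy of jwk with the CRT members added (RFC 7518 Section 6.3.2)."""
    n = b64url_uint_decode(jwk["n"])
    e = b64url_uint_decode(jwk["e"])
    d = b64url_uint_decode(jwk["d"])
    p, q = factor_from_private_exponent(n, e, d)
    out = dict(jwk)
    out.update({"p": b64url_uint_encode(p),
                "q": b64url_uint_encode(q),
                "dp": b64url_uint_encode(d % (p - 1)),
                "dq": b64url_uint_encode(d % (q - 1)),
                "qi": b64url_uint_encode(pow(q, -1, p))})   # q^-1 mod p
    return out


def check_rsa_jwk(jwk: dict) -> bool:
    """Cheap consistency check before a completed key is trusted or stored."""
    v = {k: b64url_uint_decode(jwk[k]) for k in ("n", "e", "d", "p", "q", "dp", "dq", "qi")}
    lam = (v["p"] - 1) * (v["q"] - 1) // math.gcd(v["p"] - 1, v["q"] - 1)
    return (v["p"] * v["q"] == v["n"]
            and (v["e"] * v["d"]) % lam == 1
            and v["dp"] == v["d"] % (v["p"] - 1)
            and v["dq"] == v["d"] % (v["q"] - 1)
            and (v["qi"] * v["q"]) % v["p"] == 1)


# Constructed demo key: primes 2^64 - 59 and 2^61 - 1, public exponent 65537.
DEMO_P = 2**64 - 59
DEMO_Q = 2**61 - 1
DEMO_E = 65537
DEMO_N = DEMO_P * DEMO_Q
DEMO_D = pow(DEMO_E, -1, (DEMO_P - 1) * (DEMO_Q - 1))
MINIMAL_JWK = {"kty": "RSA", "n": b64url_uint_encode(DEMO_N),
               "e": b64url_uint_encode(DEMO_E), "d": b64url_uint_encode(DEMO_D)}

if __name__ == "__main__":
    full = complete_rsa_jwk(MINIMAL_JWK)
    print(json.dumps(full, indent=1))
    print("consistent:", check_rsa_jwk(full))
```

Note that the recovery only works because "e" is present; a
representation that has dropped "e" cannot be completed this way, which
is the reason the section asks for "e" to be kept in the first place.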


9.4. Key Entropy and Random Values


See Section 10.1 of [JWS] for security considerations on key entropy 
and random values. 
Appendix A. Example JSON Web Key Sets

A.1. Example Public Keys

The following example JWK Set contains two public keys represented as
JWKs: one using an Elliptic Curve algorithm and a second one using an
RSA algorithm. The first specifies that the key is to be used for
encryption. The second specifies that the key is to be used with the
"RS256" algorithm. Both provide a key ID for key matching purposes.
In both cases, integers are represented using the base64url encoding
of their big-endian representations. (Line breaks within values are
for display purposes only.)

{"keys":
  [
    {"kty":"EC",
     "crv":"P-256",
     "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
     "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
     "use":"enc",
     "kid":"1"},

    {"kty":"RSA",
     "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx
4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs
tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2
QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI
SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb
w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
     "e":"AQAB",
     "alg":"RS256",
     "kid":"2011-04-29"}
  ]
}
A.2. Example Private Keys

The following example JWK Set contains two keys represented as JWKs
containing both public and private key values: one using an Elliptic
Curve algorithm and a second one using an RSA algorithm. This
example extends the example in the previous section, adding private
key values. (Line breaks within values are for display purposes
only.)

{"keys":
  [
    {"kty":"EC",
     "crv":"P-256",
     "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
     "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
     "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
     "use":"enc",
     "kid":"1"},

    {"kty":"RSA",
     "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4
cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst
n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q
vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS
D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw
0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
     "e":"AQAB",
     "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9
M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij
wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d
_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz
nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz
me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q",
     "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV
nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV
WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs",
     "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum
qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx
kIdrecRezsZ-1kYd_slqDbxtkDEgfAITAG9LUnADun4vIcb6yelxk",
     "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim
YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu
YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0",
     "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU
vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9
GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk",
     "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg
UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx
yR8O55XLSe3SPmRfKwZI6yU2AZxvQOK_FYItdldUKGzO6Ia6zTKhAVRU",
     "alg":"RS256",
     "kid":"2011-04-29"}
  ]
}
A.3. Example Symmetric Keys

The following example JWK Set contains two symmetric keys represented
as JWKs: one designated as being for use with the AES Key Wrap
algorithm and a second one that is an HMAC key. (Line breaks within
values are for display purposes only.)

{"keys":
  [
    {"kty":"oct",
     "alg":"A128KW",
     "k":"GawgguFyGrWKav7AXAVKUg"},

    {"kty":"oct",
     "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75
aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
     "kid":"HMAC key used in JWS spec Appendix A.1 example"}
  ]
}
Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter

The following is an example of a JWK with a RSA signing key
represented both as an RSA public key and as an X.509 certificate
using the "x5c" parameter (with line breaks within values for display
purposes only):

{"kty":"RSA",
 "use":"sig",
 "kid":"1b94c",
 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08
PLbK_PdiVGKPrqzmDIsLI7s A25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q
u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a
YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH
MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv
VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ",
 "e":"AQAB",
 "x5c":
  ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB
gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD
VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1
wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg
NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV
QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w
YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH
YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66
s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+ImZhtELto/A7Fck9Ws6
SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsUlquGmFgHIXPLfnpn
fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq
PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk
aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA
QUFAAOCAQEAh8zGlfSl1cIOo3rYDPBB0O7aXNswbAECNIKGOCETTUxmXl9KUL
+t9gGlqCz5iWLOgWsnrcKcYOvXPG9J1r9AqBNTqNgHq2G03X09266X5CpOel
FotOwblzxtp3PehFdfQJ610CDLEaS9V9Rgqp17ThCyybEpOGVwe8fnk+fbEL
2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2S8mmalzmnw9JiSlYhzo
4tpzd5rFXhjRbg4zW9Ct+2qokt2tqDM1iJ684gPHMIY8aLWrdgOTxkumGmTq
gawR+N5MDtdPTEQOXfIBC2CJEUyMTY5MPvACWpkA6SdS4xSvdXK31VfOWA=="]
}
Appendix C. Example Encrypted RSA Private Key

This example encrypts an RSA private key to the recipient using
"PBES2-HS256+A128KW" for key encryption and "A128CBC-HS256" for
content encryption.

NOTE: Unless otherwise indicated, all line breaks are included solely
for readability.
C.1. Plaintext RSA Private Key

The following RSA key is the plaintext for the authenticated
encryption operation, formatted as a JWK (with line breaks within
values for display purposes only):

{
 "kty":"RSA",
 "kid":"juliet@capulet.lit",
 "use":"enc",
 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy
O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP
8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0
Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X
OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1
_I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q",
 "e":"AQAB",
 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS
NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U
vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu
ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu
rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a
hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ",
 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf
QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8
UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws",
 "q":"1u_RiFDP7LBYh3NA4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6
Iedis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCY
KrYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s",
 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3
tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w
Y52IwjUnb5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c",
 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9
GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy
mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots",
 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq
abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o
Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8"
}


The octets representing the plaintext used in this example (using 
JSON array notation) are: 


[123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 
105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 
117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 
58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 
80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 
89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 
101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 
103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 
45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 
86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 
103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 
109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 
111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 
83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 
81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 
72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 
85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 
106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 
90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 
79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 
106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 
45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 
114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 
76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 
51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 
115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 
66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 
79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 
45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 
49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 
83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 
73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 
98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 
69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 
85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 
115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 
107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 
77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 
84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 
52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 
115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 
68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 
53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 
109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 
52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 
69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 
45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 
105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 
101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 
86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 
98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 
52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 
117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 
120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 
67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 
107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 
48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 
65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 
54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 
51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 
105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 
79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 
116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 
115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 
99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 
45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 
54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 
67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 
109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 
98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 
56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 
77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 
49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 
95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 
116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 
73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 
103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 
102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 
73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 
110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 
75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 
116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 
44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 
118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 
87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 
116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 
107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 
78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 
97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 
113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 
121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 
68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 
84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 
101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 
83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 
49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 
112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 
122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 
86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 
82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 
87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 
106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 
116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 
100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 
79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 
125] 


C.2. JOSE Header

The following example JWE Protected Header declares that:

o the Content Encryption Key is encrypted to the recipient using the
  PBES2-HS256+A128KW algorithm to produce the JWE Encrypted Key,

o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70,
  247, 127, 8, 155, 137, 174, 42, 80, 215],

o the Iteration Count ("p2c") value is 4096,

o authenticated encryption is performed on the plaintext using the
  AES_128_CBC_HMAC_SHA_256 algorithm to produce the ciphertext and
  the Authentication Tag, and

o the content type is application/jwk+json.

{
 "alg":"PBES2-HS256+A128KW",
 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w",
 "p2c":4096,
 "enc":"A128CBC-HS256",
 "cty":"jwk+json"
}

Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected
Header)) gives this value (with line breaks for display purposes
only):

eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn
VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi
andrK2pzb24ifQ

C.3. Content Encryption Key (CEK)

Generate a 256-bit random Content Encryption Key (CEK). In this
example, the value (using JSON array notation) is:

[111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112,
161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48,
253, 182]
C.4. Key Derivation

Derive a key from a shared passphrase using the PBKDF2 algorithm with
HMAC SHA-256 and the specified Salt and Iteration Count values and a
128-bit requested output key size to produce the PBKDF2 Derived Key.
This example uses the following passphrase:

Thus from my lips, by yours, my sin is purged.

The octets representing the passphrase are:

[84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108,
105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32,
109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103,
101, 100, 46]

The Salt value (UTF8(Alg) || 0x00 || Salt Input) is:

[80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75,
87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174,
42, 80, 215]

The resulting PBKDF2 Derived Key value is:

[110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14,
24, 75]


C.5. Key Encryption

Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived
Key. The resulting JWE Encrypted Key value is:

[78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134,
188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81,
246, 158, 161, 177, 20, 33, 245, 57, 59, 4]

Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives
this value:

TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA
C.6. Initialization Vector

Generate a random 128-bit JWE Initialization Vector. In this
example, the value is:

[97, 239, 99, 214, 11, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149,
156]

Encoding this JWE Initialization Vector as BASE64URL(JWE
Initialization Vector) gives this value:

Ye9j1gs22DmRSAddIh-VnA
C.7. Additional Authenticated Data

Let the Additional Authenticated Data encryption parameter be
ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is:

[123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83,
50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34,
58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74,
117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58,
52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67,
66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34,
106, 119, 107, 43, 106, 115, 111, 110, 34, 125]

Note that the octets listed above are those of the JSON header text
itself (they begin with {"alg":), rather than those of its base64url
encoding from Section C.2, whose ASCII octets begin [101, 121, 74,
104, ...] for "eyJh". The definition in the first sentence of this
section is the one that governs: the JWE encryption process of [JWE]
uses the octets of the base64url-encoded Protected Header as the AAD,
and an implementation that supplies the raw JSON instead will compute
a different Authentication Tag.


C.8. Content Encryption 


Perform authenticated encryption on the plaintext with the 
AES_128_CBC_HMAC_SHA_256 algorithm using the CEK as the encryption 
key, the JWE Initialization Vector, and the Additional Authenticated 
Data value above. The resulting ciphertext is: 


[3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42,
131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98,
112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38,
157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11,
129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60,
60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 192, 77, 59, 54, 211,
158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67,
136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221,
65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186,
126, 220, 151, 17, 38, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241,
142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8,
255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157,
215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9,
222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206,
61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159,
241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169,
101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142,
243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4,
109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110,
208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147,
115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142,
137, 189, 135, 26, 44, 240, 27, 88, 192, 105, 127, 6, 71, 37, 41,
194, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171,
... (the remainder of the ciphertext octet listing did not survive
extraction in this copy and is omitted) ...]
The resulting Authentication Tag value is: 


Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 
value (with line breaks for display purposes only): 


Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 
Tag) gives this value: 


OHFmhOzsQ98nNWJjIHkR7A 


C.9. Complete Representation 


Assemble the final representation: The JWE Compact Serialization of 
this result, as defined in Section 7.1 of [JWE], is the string 


BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE 
Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.' 
|| BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication 
Tag). 
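The assembly rule above, worked as an added example that is not part of RFC 7517: a Python serializer that joins the five BASE64URL parts with '.', and a strict parser that splits a compact JWE back apart and checks its structure before any decryption would take place. The component values are constructed stand-ins rather than the appendix's real octets; the header reuses the algorithm names this appendix's example is built on but omits its PBES2 salt and iteration-count parameters.

```python
import base64
import json

B64URL_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")

# Constructed sample components (not the appendix's real byte values). The
# header carries the alg/enc/cty this example relies on; sizes follow
# A128CBC-HS256: 16-octet IV and 16-octet (truncated HMAC) Authentication Tag.
PROTECTED_HEADER = {"alg": "PBES2-HS256+A128KW", "enc": "A128CBC-HS256", "cty": "jwk+json"}
ENCRYPTED_KEY = bytes(range(40))          # an A128KW-wrapped 256-bit CEK is 40 octets
IV = bytes(range(100, 116))
CIPHERTEXT = bytes(range(256)) * 2
TAG = bytes(range(200, 216))


def b64url(octets: bytes) -> str:
    """BASE64URL(OCTETS) per JWS Section 2: URL-safe alphabet, no '=' padding."""
    return base64.urlsafe_b64encode(octets).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Strict inverse of b64url: padding or characters outside the alphabet are rejected."""
    if len(text) % 4 == 1 or any(c not in B64URL_ALPHABET for c in text):
        raise ValueError("not a valid BASE64URL string")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwe_compact_serialize(header, encrypted_key, iv, ciphertext, tag):
    """BASE64URL(UTF8(header)) '.' key '.' IV '.' ciphertext '.' tag (JWE Section 7.1)."""
    header_octets = json.dumps(header, separators=(",", ":")).encode("utf-8")
    return ".".join(b64url(p) for p in (header_octets, encrypted_key, iv, ciphertext, tag))


def jwe_compact_parse(token):
    """Split a compact JWE into its five parts; only the protected header is decoded as JSON."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError("JWE Compact Serialization must have exactly 5 parts")
    header = json.loads(b64url_decode(parts[0]).decode("utf-8"))
    if not isinstance(header, dict) or "alg" not in header or "enc" not in header:
        raise ValueError("protected header must be a JSON object naming alg and enc")
    return {
        "protected": header,
        "encrypted_key": b64url_decode(parts[1]),
        "iv": b64url_decode(parts[2]),
        "ciphertext": b64url_decode(parts[3]),
        "tag": b64url_decode(parts[4]),
    }
```

Because the header is serialized with "alg" first, the token begins with the same `eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ci` prefix the appendix's real output does.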
The final result in this example (with line breaks for display 
purposes only) is: 

